Artifactory Token
#
Description#
General- Documentation: https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API
- Summary: Artifactory is a binary package manager meant to simplify and automate builds and pipelines. This detector aims at detecting API keys and access tokens.
- IPs allowlist: This feature is not available, however, two-factor authentication can be enabled.
- Scopes: Keys have the same permissions as the user they are related too. Permissions can be managed from the dashboard at a user/group level. Access tokens can have the same permissions or a subset of the permissions of the user it belong to.
#
Revoke the secretThe key can be revoked from the user profile or through the API.
#
Check for suspicious activityAll access logs are stored and accessible through the administration module under Artifactory|System Logs. More information on this can be found in the documentation.
Artifactory token
#
Details for Family: Api
Category: Package registry
Company: JFrog
High recall: True
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 1.31
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - akcp[0-9]
#
Examples- text: | export ARTIFACTORY_URL=http://localhost:8081/artifactory export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
Artifactory access token
#
Details for Family: Api
Category: Package registry
Company: JFrog
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 0.6
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - \.jfrog\.io- type: ContentWhitelistPreValidator patterns: - eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi
#
Examples- text: | curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZydEAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.FT8U4hb2sUoQurTefZopr00P3mVpIetjSM50G_ZCetuq5HzGUSQkQCXiZ9C3RYV95k0A4sjJmSc6Ogaeqvh11s7UJ3WDM5NwoMaGpKmjELmCzEFdqhF7gkz1lc4tm-BrSMWOxfeuuT40u8D9MZbklX0xsFQf36wpzO97Q_fy7uU" \ https://gitguardian.jfrog.io/router/api/v1/system/ping # audience: artifactory token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZydEAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.FT8U4hb2sUoQurTefZopr00P3mVpIetjSM50G_ZCetuq5HzGUSQkQCXiZ9C3RYV95k0A4sjJmSc6Ogaeqvh11s7UJ3WDM5NwoMaGpKmjELmCzEFdqhF7gkz1lc4tm-BrSMWOxfeuuT40u8D9MZbklX0xsFQf36wpzO97Q_fy7uU host: gitguardian.jfrog.io
- text: | curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJWdC1KdTY4eHVwZjlmOEcyMGE0LWJiaWpOMlp6bHh5V2YwZDRDTXRzUDBnIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiKkAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjUwNjMyNzksImp0aSI6IjExYjhhOTMyLTdhZGMtNDg5OC05MzJjLTA5ZGI2NTEwMjRlMSJ9.rmhvVFnhwR21ncwiDRMBCPesn0DJSZb3Ch2z2JtEROjPeFAAsh8DkzCttEJ2t6Wgm06bZ6MeqvDcOGF9ofGCfCB8t2jVcBH2P8-_-U8Nhv0yzBQJvAg3ONuYsW9tnS8fHfKNQb095gIUgv1c76Ec4v3irqyiq8xFhrTc3HYfNDajRsVxRtd-vRVdlrgWRODENAMLlIuKGBOOS1l3rPZgm8usHZKjtBSRGE73E60WKSAVIh_m4MHKHzpVWMS-5hqZZSxxSp5lM6_0h-C0SuyAT6gHiH1T8VB39O_Zh2AAEmt9qIVWtnYawThfvHmbj2o9C3jNudD3jlHzXMCoYMLHdw" \ https://gitguardian.jfrog.io/router/api/v1/system/ping # audience: all token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJWdC1KdTY4eHVwZjlmOEcyMGE0LWJiaWpOMlp6bHh5V2YwZDRDTXRzUDBnIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiKkAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjUwNjMyNzksImp0aSI6IjExYjhhOTMyLTdhZGMtNDg5OC05MzJjLTA5ZGI2NTEwMjRlMSJ9.rmhvVFnhwR21ncwiDRMBCPesn0DJSZb3Ch2z2JtEROjPeFAAsh8DkzCttEJ2t6Wgm06bZ6MeqvDcOGF9ofGCfCB8t2jVcBH2P8-_-U8Nhv0yzBQJvAg3ONuYsW9tnS8fHfKNQb095gIUgv1c76Ec4v3irqyiq8xFhrTc3HYfNDajRsVxRtd-vRVdlrgWRODENAMLlIuKGBOOS1l3rPZgm8usHZKjtBSRGE73E60WKSAVIh_m4MHKHzpVWMS-5hqZZSxxSp5lM6_0h-C0SuyAT6gHiH1T8VB39O_Zh2AAEmt9qIVWtnYawThfvHmbj2o9C3jNudD3jlHzXMCoYMLHdw host: gitguardian.jfrog.io
- text: | curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmcnRAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.XhwyHL0SeEs7_By6wz4F6VHex3J2QPJYRaeJ-2ksw0h14ngUmMHnmEBkgJUV9jwNFmaEXjaKO6uwv_332pt4aW3ZtAG3uzF7CeUMW16Bc3xhHgZriBgfIvEFowpbbb_2_BEcfaFRegY6UQWrWAyYZ4n-5x15HraCR64OWGgQNsEYL1Loa9zehVvj8Z9A3jh8iFPqq8lwho5wBWU9BU7cd0f6yEjIv3XTi-bUT_Qrrj9rx9iN3ePXbRViZSzYXM80clHRz7SGyO8kDBV9rqI-7PSbuPD0O14JqlQCaR9hw_k_pZ_J759UO5fVUimkbugEwNcwbj0jNSR1b1Ae_DeZLg" \ https://gitguardian.jfrog.io/router/api/v1/system/ping # audience: multiple including artifactory token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmcnRAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.XhwyHL0SeEs7_By6wz4F6VHex3J2QPJYRaeJ-2ksw0h14ngUmMHnmEBkgJUV9jwNFmaEXjaKO6uwv_332pt4aW3ZtAG3uzF7CeUMW16Bc3xhHgZriBgfIvEFowpbbb_2_BEcfaFRegY6UQWrWAyYZ4n-5x15HraCR64OWGgQNsEYL1Loa9zehVvj8Z9A3jh8iFPqq8lwho5wBWU9BU7cd0f6yEjIv3XTi-bUT_Qrrj9rx9iN3ePXbRViZSzYXM80clHRz7SGyO8kDBV9rqI-7PSbuPD0O14JqlQCaR9hw_k_pZ_J759UO5fVUimkbugEwNcwbj0jNSR1b1Ae_DeZLg host: gitguardian.jfrog.io
Xray access token
#
Details for Family: Api
Category: Package registry
Company: JFrog
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: very rare
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - \.jfrog\.io- type: ContentWhitelistPreValidator patterns: - eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi
#
Examples- text: | curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug" \ https://gitguardian.jfrog.io/router/api/v1/system/ping # audience: xray token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug host: gitguardian.jfrog.io
- text: | curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q" \ https://gitguardian.jfrog.io/router/api/v1/system/ping # audience: multiple including xray token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q host: gitguardian.jfrog.io